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METHOD AND SYSTEM FOR ENABLING A CLIENT TO ACCESS SERVICES 
PROVIDED BY A SERVICE PROVIDER 

[0001] The present invention relates to a method and a system for access by a 
client to services provided by a service provider. 

[0002] The invention concerns the field of access by a client to services provided 
by a service provider, in which the client is able to transmit and/or receive 
information according to a point-to-point transport protocol via a 
telecommunication network and a session concentrator which is able to transmit 
and/or receive information according to the point-to-point transport protocol, and 
in which an access control protocol is used in the telecommunication network to 
control access to the services provided by the service provider. 

[0003] In conventional Internet access systems which use connections for 
example of the DSL type, each client is connected to a Digital Subscriber Line 
Access Multiplexor which is itself connected to a PPP session concentrator. DSL 
is the acronym for "Digital Subscriber Line", and PPP is the acronym for "Point- 
to-Point Protocor'. A PPP session is a session which is established according to 
a point-to-point protocol such as, for example, the protocol defined in IETF 
recommendation RFC 2516. A PPP session concentrator is conventionally 
referred to as a BAS, the acronym for "Broadband Access Server". A PPP 
session concentrator conveys the sessions established by the various clients of 
the network to the point of presence of the service provider to which they are 
subscribed. 

[0004] The telecommunication networks which are used in the prior art are based 
on ATM technology, ATM being the acronym for "Asynchronous Transfer Mode". 
When a new client wishes to subscribe to services offered by a service provider 
of the DSL type, an ATM virtual channel VC is created by an operator between 
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the DSL modem of the new client and the server BAS. The virtual channels of the 
clients subscribed to the same service provider, or to a service of the service 
provider, are grouped into virtual paths or VPs between the different Digital 
Subscriber Line Access Multiplexors and the PPP session concentrator. 
Telecommunication networks based on ATM technology are complex and difficult 
to develop. 

[0005] The use of networks based on technologies other than ATM is envisaged. 
Networks of the GigaEthernet type offer a very high bandwidth for information 
transmission. These networks use authentication protocols for access to a 
network, such as, for example, the protocol defined in the IEEE 802.1 x standard. 
The authentication protocol as defined in the IEEE 802. 1x standard is also 
referred to as an access control protocol. These telecommunication networks are 
not compatible with the technologies commonly used in telecommunication 
networks based on ATM technology, and any use of these networks would 
require complete modification of the telecommunication network and also of the 
means available to the clients connected to the telecommunication network. In 
these telecommunication networks, the clients do not have to establish PPP 
sessions with a PPP session concentrator. 

[0006] The object of the invention is to overcome the disadvantages of the prior 
art by proposing a method and a system for access by a client to services 
provided by a service provider, in which clients conforming to the protocols used 

in the telecommunication networks using the point-to-point transport protocol can 
access the services provided by a service provider via a telecommunication 
network even if the network which allows access to the services provided by a 
service provider uses a predetermined access control protocol and/or access to 
the services provided by a service provider is not subject to the establishment of 
PPP sessions. 
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[0007] To this end, according to a first aspect, tine invention proposes a metliod 
for access by a client to services provided by a service provider, the client being 
able to transmit and/or receive information according to a point-to-point transport 
protocol via a telecommunication network and a session concentrator which is 
able to transmit and/or receive information according to the point-to-point 
transport protocol, characterised in that an access control protocol is used in the 
telecommunication network to control access to the services provided by the 
service provider, and in that it comprises the steps of: 

[0008] determining whether or not the client conforms to the access control 
protocol, 

[0009] authorizing the client that does not conform to the access control protocol 
to access a network for non-conforming clients, the network for non-conforming 
clients being set up on the telecommunication network and allowing access to 
the session concentrator, 

[0010] establishing a session between the non-conforming client and the session 
concentrator according to the point-to-point transport protocol on the network for 
non-conforming clients, 

[0011] transferring, by the session concentrator, the information transmitted by 

the non-conforming client in the established session to a network for clients that 
conform to the access control protocol, the network for conforming clients being 
set up on the telecommunication network and allowing access to the services 
provided by the service provider, and reciprocally. 

[0012] At the same time, the invention relates to a system for access by a client 
to services provided by a service provider, the client being able to transmit and/or 
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receive information according to a point-to-point transport protocol via a 
telecommunication network and a session concentrator which is able to transmit 
and/or receive information according to the point-to-point transport protocol, 
characterised in that an access control protocol is used in the telecommunication 
network to control access to the services provided by the service provider, and in 
that the system comprises: 

[0013] means for determining whether or not the client conforms to the access 
control protocol, 

[0014] means for authorizing the client that does not conform to the access 
control protocol to access a network for non-conforming clients, the network for 
non-conforming clients being set up on the telecommunication network and 
allowing access to the session concentrator, 

[0015] means for establishing a session between the non-conforming client and 
the session concentrator according to the point-to-point transport protocol on the 
network for non-conforming clients, 

[0016] means for transferring, by the session concentrator, the information 
transmitted by the non-conforming client in the established session to a network 
for clients that conform to the access control protocol, the network for conforming 
clients being set up on the telecommunication network and allowing access to 
the services provided by the service provider, and reciprocally. 

[0017] It is thus possible, for a client that is able to transmit and/or receive 
information according to a point-to-point transport protocol, to access services 
provided by a service provider even if said client is not compatible with the 
access control protocol which allows access to the services of service providers. 
By authorizing the client to access a network for non-conforming clients, the 
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client can access a session concentrator wliich is able to transmit and/or receive 
information according to the point-to-point transport protocol. The session 
concentrator can thus transmit the information transmitted by the client to a 
network for conforming clients and thus allow access to the services provided by 
the service provider. 

[0018] According to another aspect of the invention, the session concentrator 
determines, among the information transmitted by the service provider in the 
network for conforming clients, information destined for the non-conforming 
client, and transfers the determined information to the non-conforming client in 
the established session between the non-conforming client and the session 
concentrator. 

[0019] Thus, a non-conforming client is able to receive information from a service 
provider or a service from a service provider. 

[0020] According to another aspect of the invention, a number of service 
providers can be accessed by clients, each service provider being accessible via 
at least one network for clients that conform to the access control protocol, and 
the session concentrator determines the network for clients that conform to the 
access control protocol which allows access to the service provider for the non- 
conforming client, and transfers the information transmitted by the non- 
conforming client in the established session to the determined network for 
conforming clients. 

[0021] Thus, by using at least one network for conforming clients for each service 
provider, it is possible to divide the telecommunication network into different 
networks that are independent from one another. 

[0022] According to another aspect of the invention, upon establishment of the 
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session between the non-conforming client and the session concentrator, the 
session concentrator receives at least one broadcast message which is 
transmitted by the non-conforming client on the network for non-conforming 
clients, the broadcast message comprising at least the address of the non- 
conforming client, and the session concentrator transfers on the network for non- 
conforming clients at least one identification request message destined for the 
non-conforming client. 

[0023] Thus, it is possible to determine which non-conforming client is attempting 
to access the services of the service providers. 

[0024] According to another aspect of the invention, upon establishment of the 
session between the non-conforming client and the session concentrator, the 
session concentrator receives at least one message comprising at least one 
identifier which is transmitted by the non-conforming client on the network for 
non-conforming clients, transfers the identifier to an authentication server, 
obtains an authenticator for the non-conforming client, transfers the authenticator 
to the authentication server and establishes the session if the authentication 
server authenticates the non-conforming client. 

[0025] Thus, it is possible to authorize access to the services offered by the 
service providers only to clients which are subscribed to the services offered by 
the service providers. 

[0026] According to another aspect of the invention, the client accesses the 
telecommunication network via a Digital Subscriber Line Access Multiplexor, and 
the Digital Subscriber Line Access Multiplexor determines whether or not the 
client conforms to the access control protocol. 

[0027] According to another aspect of the invention, if the client conforms to the 
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access control protocol, the Digital Subscriber Line Access Multiplexor authorizes 
the client that conforms to the access control protocol to access a network for 
conforming clients, the network for conforming clients being set up on the 
telecommunication network and allowing access to a service provider. 

[0028] Thus, the conforming clients can directly access the networks which allow 
access to a service provider, without it being necessary to establish a PPP 
session in accordance with the point-to-point transport protocol, such as the 
protocol according to RFC 2516 for example, 

[0029] According to another aspect of the invention, a number of service 
providers can be accessed by clients, each service provider being accessible via 
at least one network for clients that conform to the access control protocol, and 
the Digital Subscriber Line Access Multiplexor determines the network for clients 
that conform to the access control protocol which allows access to the service 
provider for the conforming client, and transfers the information transmitted by 
the conforming client to the determined network for conforming clients. 

[0030] Thus, it is possible to categorise and group the clients together according 
to the service provider to which they are subscribed, or according to the service 
to which they are subscribed, and thus to limit the services to which the clients 
have access. 

[0031] According to another aspect of the invention, the telecommunication 
network is a network of the GigaEthernet type, the access control protocol is a 
protocol of the IEEE 802.1 x type, and the point-to-point transport protocol is a 
protocol in accordance with recommendation RFC 2516. 

[0032] A network of the GigaEthernet type is a high-speed telecommunication 
network based on Ethernet technology. A network of the GigaEthernet type 
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allows data transfer at speeds of more than one Gigabit per second. 

[0033] According to another aspect of the invention, the information transmitted 
according to the point-to-point transport protocol is in the form of packets, and 
the session concentrator, before transferring the information transmitted by the 
non-conforming client in the established session to a network for clients that 
conform to the access control protocol, forms information frames from the 
packets. 

[0034] The invention also relates to computer programs stored on an information 
support, said programs comprising instructions which make it possible to carry 
out the method described above when it is loaded and run by a computer 
system. 

[0035] The features of the invention that have been mentioned above, along with 
others, will become more clearly apparent on reading the following description of 
an example of embodiment, said description being given with reference to the 
appended drawings, in which: 

[0036] FIG. 1 shows the architecture of the system for access to services 
provided by service providers by a client that does or does not conform to an 
access control and authentication protocol via a telecommunication network; 

[0037] FIG. 2 shows the algorithm used by a Digital Subscriber Line Access 
Multiplexor of the telecommunication network for access to services provided by 
service providers by a client that does or does not conform to an access control 
and authentication protocol; 

[0038] FIG. 3 shows the algorithm used by a session concentrator of the 
telecommunication network for access to services provided by service providers 
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by a client that does not conform to an access control and authentication 
protocol. 

[0039] FIG. 1 shows the architecture of the system for access to services 
provided by a service provider by a client that does or does not conform to an 
access control and authentication protocol via a telecommunication network. 

[0040] In the system for access to services provided by service providers by a 
client that does not conform to an access control protocol via a 
telecommunication network 150, clients 110a, 110b and 110c access service 
providers 160, 170 and 180 via a Digital Subscriber Line Access Multiplexor 130, 
a telecommunication network 150 and a session concentrator 100. 

[0041] According to the invention, the Digital Subscriber Line Access Multiplexor 
1 30 determines whether a client 1 1 0 does or does not conform to an access 
control protocol and orients the communications of the non-conforming client 110 

towards a network for clients that do not conform to the access control protocol. 
The network for clients that do not conform to the access control protocol is 
preferably a virtual network set up on the telecommunication network 150. The 
network for non-conforming clients 140 may also, as a variant, be a physical 
network that is separate from the telecommunication network 150. 

[0042] The Digital Subscriber Line Access Multiplexor 130 comprises a 

communication bus 201 to which a central processing unit 200, a non-volatile 
memory 202, a random-access memory 203, a client interface 205 and a network 
interface 206 are connected. 

[0043] The non-volatile memory 202 stores the programs which implement the 
invention, such as the algorithm which will be described below with reference to 
FIG. 2. The non-volatile memory 202 is for example a hard disk. More generally. 
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the programs according to the present invention are stored in a storage means. 
This storage means can be read by a computer or a microprocessor 200. This 
storage means may or may not be integrated in the Digital Subscriber Line 
Access Multiplexor 130, and may be removable. When the Digital Subscriber 
Line Access Multiplexor 130 is powered up, the programs are transferred to the 
random-access memory 203 which then contains the executable code of the 
invention and also the data necessary for implementing the invention. 

[0044] The Digital Subscriber Line Access Multiplexor 130 also comprises a 
telecommunication network interface 206. This interface allows data exchanges 
to the telecommunication network 150. 

[0045] The Digital Subscriber Line Access Multiplexor 130 also comprises a 
client interface 205. In one preferred embodiment, this interface is an interface of 
the DSL type. The client interface 205 comprises, for each client 1 1 0a, 1 1 0b and 
110c, a dedicated port for point-to-point communications between the Digital 
Subscriber Line Access Multiplexor 1 30 and the client 1 1 0 connected to this port. 

[0046] The Digital Subscriber Line Access Multiplexor 130 comprises means for 
determining whether or not a client 110 conforms to an access control protocol 
which is used in the telecommunication network 150 to control access to the 
services provided by the service providers 160, 170 and 180. These 
determination means are more specifically the processor 200 which executes the 
instructions of the algorithm of FIG. 2. The Digital Subscriber Line Access 
Multiplexor 130 also comprises means for authorizing the client 110 that does not 
conform to the access control protocol to access a network for non-conforming 
clients 140 which is set up on the telecommunication network 150 and allows 
access to a session concentrator 1 00. 

[0047] The session concentrator 100 is more specifically a PPP session 
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concentrator 1 00. The PPP session concentrator 100 is connected to tlie network 
for non-conforming clients 140 and transfers tfie messaged transmitted by tine 
non-conforming client 110 to a network for conforming clients 161, 162 or 163 
after shaping of the messages transmitted by the client 1 10. A PPP session is a 
session established according to a point-to-point protocol. 

[0048] The networks for conforming clients 161, 162 or 163 thus allow access to 
services provided by service providers 160, 170 and 180. The networks for 
clients that conform to the access control protocol are preferably virtual networks 
which are set up on the telecommunication network 150 and in which it is not 
necessary to establish a PPP session in order to access the services provided by 
the service providers. 

[0049] The Digital Subscriber Line Access Multiplexor 130 is connected via its 
interface 205 to clients 1 10a, 1 10b and 1 10c by dedicated physical connections. 
If the dedicated physical connections are of the DSL type, the Digital Subscriber 
Line Access Multiplexor 130 is known by the term DSLAM. DSLAM is the 
acronym for "Digital Subscriber Line Access Multiplexer". The Digital Subscriber 
Line Access Multiplexor 130 has the function of grouping together several client 
lines 110a, 110b and 110c on a physical support which transports the data 
exchanged between the clients 1 10a, 1 10b and 1 10c and their respective service 
providers 1 60, 1 70 or 1 80. The Digital Subscriber Line Access Multiplexor 1 30 is 
connected to the telecommunication network 1 50, which is for example a network 
of the GigaEthernet type. 

[0050] Networks for conforming clients 161, 162 and 163 are set up on the 
telecommunication network 150 between the Digital Subscriber Line Access 
Multiplexor 130 and each service provider 160 and 180. The information 
transported on the networks for conforming clients 161, 162 and 163 is 
transmitted in the form of Ethernet frames. A network for non-conforming clients 
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140, which is separate from the networks for conforming clients 161, 162 and 
1 63, is also set up for access, by a client that does not conform to an access 
control protocol, to the services provided by service providers. The access 
control protocol is more specifically an access control and authentication protocol 
such as the IEEE 802. 1x protocol for example. 

[0051] The networks for conforming clients 161, 162 and 163 are preferably 
virtual networks. Virtual networks or VLANS, an acronym for "Virtual Local Area 
Networks", make it possible to categorise the clients and thus to limit the 
resources to which they have access. For example, if the client 1 1 0b is a client of 
the service provider 1 60, the exchanges between the client 1 1 0b and the service 
provider 1 60 are carried out via the VLAN synbolised by the connections bearing 
the reference 161 in FIG. 1. 

[0052] One or more virtual networks can thus be associated with one or more 
services of the service provider 1 60. 

[0053] More specifically, the clients 110a, 110b and IIOc are telecommunication 
terminals. The clients 110 are connected to the Digital Subscriber Line Access 
Multiplexor 130 via the public switched telephone network and use DSL-type 
modulation techniques. Of course, other types of point-to-point connection may 
be used. For example, and without any limitation, these connections may also be 
wireless connections or fibre optic connections. A client 110 is for example a 
telecommunication device such as a computer comprising a communication card 
suitable for the connection that exists with the Digital Subscriber Line Access 
Multiplexor 130 or a computer which is connected to an external communication 
device suitable for the connection that exists with the Digital Subscriber Line 
Access Multiplexor 130. In FIG. 1, only three clients 110a, 110b and 110c are 
shown. Of course, a greater number of clients 110 are connected to the Digital 
Subscriber Line Access Multiplexor 1 30. 
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[0054] The session concentrator 100, or more specifically the PPP session 
concentrator 100, is conventionally referred to as a BAS, the acronym for 
"Broadband Access Server". The PPP session concentrator 100 conveys the 
sessions established with the various non-conforming clients 110 to the service 
provider 160, 170 or 180 to which they are subscribed. For this, the PPP session 
concentrator 100 is connected to the network for non-conforming clients 140 and 
is able to detect broadcast messages conforming to the PPP protocol which are 
transmitted by a non-conforming client 1 1 0 on the network for non-conforming 
clients 140, to establish a session according to the point-to-point transport 
protocol with the non-conforming client, to determine the service provider to 
which the non-conforming client is subscribed, and to transfer the information 
transmitted by the non-conforming client according to the point-to-point transport 
protocol on the network for non-conforming clients 140 to the network for 
conforming clients 161 or 162 or 163 to which the service providers 160, 180 and 
1 70 are respectively connected. 

[0055] The PPP session concentrator 100 determines, among the information 
transmitted by the service providers 160, 170, 180 in the networks for conforming 
clients 161, 162 and 163, information destined for the non-conforming clients 
which have a PPP session established with the PPP session concentrator 100. 
The PPP session concentrator 100 shapes the determined information in such a 
way that said information is compatible with the point-to-point transport protocol, 
and transfers this shaped information in the established session between the 
client for which this information is intended and the session concentrator. 

[0056] The PPP session concentrator 100 comprises a communication bus 101 
to which a central processing unit 104, a non-volatile memory 102, a random- 
access memory 103, a server interface 105 and a network interface 106 are 
connected. 
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[0057] The non-volatile memory 102 stores the programs which implement the 
invention, such as the algorithm which will be described below with reference to 
FIG. 3, The non-volatile memory 102 is for example a hard disk. More generally, 
the programs according to the present invention are stored in a storage means. 
This storage means can be read by a computer or a microprocessor 104. This 
storage means may or may not be integrated in the PPP session concentrator 
100, and may be removable. When the PPP session concentrator 100 is 
powered up, the programs are transferred to the random-access memory 103 
which then contains the executable code of the invention and also the data 
necessary for implementing the invention. 

[0058] The PPP session concentrator 100 also comprises a telecommunication 
network interface 106 connected to the communication network 150. This 
interface 106 makes it possible to convey the sessions established with the 
various non-conforming clients 110 to the service provider 160, 170 or 180 to 
which they are subscribed. 

[0059] The PPP session concentrator 100 also comprises a server interface 105 
which allows the exchange of information with a DHCP server 120 and an 
authentication server 121. 

[0060] The DHCP server 120 distributes IPv4 or IPv6 addresses to the clients 

110 that do not conform to the access control protocol when said clients wish to 
access the services offered by a service provider 1 60 or 1 70 or 180. DHCP is the 
acronym for "Dynamic Host Configuration Protocol". 

[0061] In one variant embodiment, the DHCP server 120 is also able to distribute 
IPv4 or IPv6 addresses to the clients 110 that conform to the access control 
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protocol. According to this variant, the Digital Subscriber Line Access Multiplexor 
1 30 accesses the DHCP server 1 20 directly. 

[0062] The authentication server 121 authenticates a client 110 to the PPP 
session concentrator 100 when the client 110 wishes to access a service 
provider 160, 170 or 180. This authentication is carried out on the basis of the 
identifier of the client 1 1 0, such as its username, and the provision by the client 
1 1 0 of an authentication material such as a password. This authentication will be 
described in greater detail with reference to FIG. 3. 

[0063] It should also be noted that the DHCP server may also as a variant be a 
DHCP relay or "proxy" server which redirects the transferred information to 
DHCP servers (not shown in FIG. 1) which are associated with each service 
provider 1 60, 1 70 and 1 80. 

[0064] A proxy is an item of equipment which receives information from a first 
telecommunication device and transfers it to a second telecommunication device, 
and, reciprocally, which receives information from the second telecommunication 
device and transfers it to the first telecommunication device. 

[0065] The authentication server 121 authenticates a client that does not conform 
to the access control protocol. 

[0066] In one variant embodiment, the authentication server 121 is also able to 
authenticate a client that conforms to the access control protocol. In this variant, 
the Digital Subscriber Line Access Multiplexor 130 directly accesses the 
authentication server 121 in order to authenticate a client that conforms to the 
access control protocol. 

[0067] Here, authentication of a client refers both to the authentication of the 
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communication terminal 110 or of tlie user of tfie communication terminal 110. 
This authentication is carried out on the basis of the identifier of the client 1 1 0, 
such as its username, and the provision by the client 1 1 0 of a password or of an 
authentication material that has been validated by the authentication server 121. 

[0068] As a variant, the authentication server 121 may also be an authentication 
proxy server which redirects the transferred information to authentication servers 
(not shown in FIG. 1) which are associated with each service provider 160, 170 
and 1 80. According to this variant, each authentication service associated with a 
service provider stores all the clients that are authorized to access the services 
offered by the service provider with which it is associated, as well as the identifier 
and the authentication material for each client. 

[0069] The service providers 160, 170 and 180 offer different services to their 
respective clients. These services are for example, and without any limitation, 
Internet access services, video-on-demand services, e-mail services, telephone- 
over-Internet services, videoconference-over- Internet services, etc. 

[0070] FIG. 2 shows the algorithm used by a Digital Subscriber Line Access 
Multiplexor of the telecommunication network for access to services provided by 
service providers by a client that does or does not conform to an access control 
and authentication protocol. 

[0071] In step E200, the Digital Subscriber Line Access Multiplexor 130 detects 
the presence of a client 1 10 on one of the dedicated physical connections. In this 
step, the processor 200 verifies whether the client is compatible with the access 
control protocol, such as the IEEE 802.1 x protocol for example. This is 
determined for example by verifying whether the information transmitted by the 
client 110 conforms to the EAPOL protocol, EAPOL being the acronym for "EAR 
Over Lan", wherein EAR is the acronym for "Extensible Authentication Rrotocol". 
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More specifically, the processor 200 verifies whether the client conforms to the 
IEEE 802.1 X protocol by verifying whether said client transmits or is able to 
respond to a frame of the EAPoL-Start type of the IEEE 802.1 x protocol. In the 
affirmative, the processor 200 moves to step E202. In the negative, the 
processor 200 moves to step E201 . 

[0072] In step E201, the Digital Subscriber Line Access Multiplexor 130 
authorizes the non-conforming client 1 1 0, for example the client 1 1 0a, to access 
a network for non-conforming clients 140. 

[0073] In step E202, the Digital Subscriber Line Access Multiplexor 130, more 
specifically the processor 200, determines the network for clients that conform to 
the access control protocol 161 or 162 which allows access to the service 
provider 1 60 or 1 80 for the conforming client 1 1 0. 

[0074] In step E203, the Digital Subscriber Line Access Multiplexor 130, more 
specifically the processor 200, authorizes the conforming client 110, for example 
the client 110b, to access the network for conforming clients 161 or 162 to which 
its service provider 160 or 180 is connected. The information transmitted by the 
conforming client 110b is then transferred to the determined network for 
conforming clients. It should be noted that access authorisation is in this case 
subject to an authentication procedure. 

[0075] During the authentication procedure, the Digital Subscriber Line Access 
Multiplexor 130, more specifically the processor 200, receives from the client 110 
an identifier and a password or an authentication material. 

[0076] The processor 200 of the Digital Subscriber Line Access Multiplexor 1 30 
commands the transfer of a registration confirmation request to the 
authentication server 121. The authentication server 121 searches in the client 
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database to determine whether the client 1 1 0 is contained in the client database, 
verifies the validity of the password or of the authentication material and, in the 
affirmative, transfers a confirmation of registration of the client 110 to the Digital 
Subscriber Line Access Multiplexor 1 30. The authentication procedure preferably 
conforms to the procedure described in the IEEE 802.1 x protocol. 

[0077] It should also be noted here that the Digital Subscriber Line Access 
Multiplexor 130, having verified that the clients conform to an access control 
protocol, authorizes said clients to access a network 161 or 162 in which PPP 
sessions are not used for access to the services provided by the service 
providers 160 or 180. The Digital Subscriber Line Access Multiplexor 130, upon 
determining that the clients do not conform to an access control protocol, 
authorizes said clients to access a network 140 in which PPP sessions can be 
used for access to the services provided by the service providers 1 60, 1 70 or 
180. 

[0078] FIG. 3 shows the algorithm used by a session concentrator of the 
telecommunication network for access to services provided by service providers 
by a client that does not conform to an access control and authentication 
protocol. 

[0079] Step E300 consists of a waiting loop in which, more specifically, the 
processor 1 04 waits to receive a broadcast message from the network for non- 
conforming clients 140. The broadcast message conforms for example to the 
PPP protocol or to one of its two variants (PPPoE (acronym for "Point to Point 
Protocol over Ethernet") and PPPoA (acronym for "Point to Point Protocol over 
ATM"). The point-to-point transport protocol PPP makes it possible to transport 
multi-protocol datagrams via a point-to-point connection. The broadcast message 
is transmitted by a non-conforming client on the network for non-conforming 
clients 140. This is because, according to the PPP protocol, each PPP session 
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has to learn the Ethernet address of the remote machine so as to establish and 
identify a unique session. This broadcast message comprises the address of the 
non-conforming client 1 1 0, the predetermined addressee address, identified as 
the broadcast address, and a session identifier. Upon receipt of a broadcast 
message, the PPP session concentrator 100 moves to the next step E301. 

[0080] In this step, an identification message is sent by the PPP session 
concentrator 100, more specifically by the processor 104, to the client 1 10 whose 
broadcast message has previously been detected via the virtual network 140. 

[0081] The next step E302 is a step of interpreting, more specifically by the 
processor 104, the result of the authentication request for the client 110. The 
result of the authentication request is delivered by the authentication server 121. 
Whether or not a PPP session is established between the client and the session 
concentrator depends on the result of the authentication request. If this session is 
established, it will make it possible de facto for the client to access the services 
of the service provider 160, 180 or 170. If the authentication of the client 1 10 has 
failed, the PPP session concentrator 100 does not allow the establishment of the 
session between the client 110 and the PPP session concentrator 100. The client 
is thus unable to access any of the service providers 160, 170 and 180. 

[0082] More specifically, the PPP session concentrator 100 receives at least one 
message comprising at least one identifier which is transmitted by the client 1 1 0 
on the network for non-conforming clients 140, the PPP session concentrator 100 
transfers the identifier to the authentication server 121 which may or may not 
recognise the client 1 10 as having an identifier that is known to the authentication 
server 121. If the authentication server 121 recognises the client 110, it 
generates a message destined for the PPP session concentrator 100 so that the 
latter obtains the authenticator for the client 110. Once the PPP session 
concentrator 100 has obtained this authenticator for the client 110, the 
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authenticator is transferred to the authentication server 121 which may or may 
not authenticate the client 1 1 0. If authentication of the client 1 1 0 is confirmed, the 
PPP session concentrator 1 00 moves to the next step E303. 

[0083] The PPP session concentrator 100, more specifically by the processor 
104, determines in step E303 the service provider to which the client 110 is 
subscribed. This is carried out for example by analysing the identification 
message previously received from the client in step E302. 

[0084] In step E304, the PPP session is established between the client 110 and 
the PPP session concentrator 100. The PPP session concentrator 100, more 
specifically by the processor 104, receives from the client 110, via the virtual 
network 140, information conforming to the point-to-point transport protocol. 

[0085] The PPP session concentrator 100, more specifically by the processor 
104, then in step E305 transfers the information received on the network for 

conforming clients 161, 162 or 163 corresponding to the service provider to 
which the client 110 is subscribed. It should be noted here that the information 
transported in the form of packets, in accordance with the point-to-point transport 
protocol, is previously shaped so as to form frames of the Ethernet type. It should 
also be noted that a packet consists of a frame of the Ethernet type encapsulated 
in accordance with the PPP protocol. 

[0086] Once this operation is complete, the PPP session concentrator 100, more 
specifically by the processor 104, returns to step E304 and carries out the loop 
consisting of steps E304 to E306 for as long as the PPP session between the 
client 110 and the session concentrator 100 remains established. The PPP 
session is interrupted if the client 110 disconnects in accordance with the PPP 
protocol or if an exceptional event occurs. This event is for example an explicit 
order sent to the PPP session concentrator 100 to interrupt a session, the failure 
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of a link in the network for non-conforming clients 140, or the like. 

[0087] It should be noted here that the PPP session concentrator 100, in parallel 
with steps E304 and E306, determines, among the information transmitted by the 
service providers 160, 170, 180 in the networks for conforming clients 161, 162 
and 163, the information destined only for the non-conforming clients which have 
a PPP session established with the PPP session concentrator 100. The PPP 
session concentrator 100 shapes the determined information so that said 
information is compatible with the point-to-point transport protocol, and transfers 
this shaped information in the established session between the client for which 
this information is intended and the session concentrator. 

[0088] Of course, the present invention is in no way limited to the embodiments 
described here but rather, on the contrary, encompasses any variant within the 
capabilities of the person skilled in the art. 
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